Every time we tap, click, or share online, we leave behind a digital footprint. For millions of Filipinos, these footprints contain personal details — from our names and addresses to financial and health information — making data privacy no longer a luxury but a necessity.

Every January 28, the world observes Data Privacy Day, a timely reminder that personal data is no longer just bits and bytes—it is power. In the Philippines, where Filipinos are among the most active internet and social media users globally, data privacy is not an abstract concept. It affects how we bank, shop, work, study, and even how we express our opinions online.

The country took a significant step toward protecting personal information with the passage of the Data Privacy Act of 2012 (Republic Act No. 10173). The law was intended to protect individuals from unauthorized processing of personal data while balancing innovation and the flow of information. On paper, it aligned the Philippines with global data protection standards and positioned privacy as a fundamental right.

However, there was a crucial delay: the Implementing Rules and Regulations (IRR), which define how the law should actually be enforced, were released four years later, in 2016. That gap mattered. For years, organizations operated in a gray area, and many treated data privacy as a checkbox rather than a responsibility. By the time enforcement mechanisms became clearer, data-driven business models had already exploded.

To be fair, Filipino awareness of privacy has improved significantly. More people now ask why apps want access to contacts, cameras, or location. Data breach news no longer flies under the radar, and terms like “data sharing,” “consent,” and “personal information controller” are becoming part of mainstream conversations. The rise of remote work, e-commerce, and digital government services has also forced privacy into everyday life.

Yet awareness alone is not enough.

More than a decade after the Data Privacy Act was enacted, there is still a noticeable absence of significant penalties imposed on large companies for violations affecting millions of Filipinos. Data breaches continue to happen, sometimes involving sensitive personal and financial information, but consequences often feel limited to advisories, compliance orders, or reputational damage. For ordinary Filipinos, this raises a tricky question: Is our data truly protected if accountability is rare?

This matters because privacy violations disproportionately harm individuals. A leaked database can lead to identity theft, financial fraud, spam, phishing, and even harassment. In a country where digital literacy varies widely, the cost of a privacy failure is often paid by those least equipped to recover from it.

Strong enforcement is not about being anti-business. On the contrary, trust is the foundation of a healthy digital economy. Companies that handle personal data responsibly gain consumer confidence, while those that cut corners should face meaningful consequences. Clear penalties send a signal that privacy is not optional and that Filipinos’ rights are not negotiable.

Data Privacy Day should therefore be more than a symbolic observance. It should be a checkpoint -- asking regulators to be firmer, organizations to be more accountable, and citizens to be more vigilant. The Data Privacy Act of 2012 laid the groundwork, but laws only matter when they are consistently and visibly enforced.

For Filipinos, privacy is not just a legal concept. It is dignity, security, and control in an increasingly digital world. Until enforcement catches up with awareness, the promise of data privacy in the Philippines remains unfinished, and Data Privacy Day reminds us that there is still work to do.